suckless
/
ubase
mirror of git://git.suckless.org/ubase
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

passwd: prevent segfault when running as root 

When running as root, passwd attempts to compare the new password to
the old password, without having grabbed the old passwd.

This checks if the previous password hash was grabbed before comparing
it against the new password hash.
This commit is contained in:
John Regan 2018-09-29 14:28:37 -04:00 committed by sin
parent 7ffe3cfacc
commit 4f1b54dd92
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
passwd.c
View File

@ -235,11 +235,14 @@ newpass:
eprintf("getpass:");
if (inpass[0] == '\0')
eprintf("no password supplied\n");
p = crypt(inpass, prevhash);
if (!p)
eprintf("crypt:");
if (cryptpass1 && strcmp(cryptpass1, p) == 0)
eprintf("password left unchanged\n");
if(prevhash) {
p = crypt(inpass, prevhash);
if (!p)
eprintf("crypt:");
if (cryptpass1 && strcmp(cryptpass1, p) == 0)
eprintf("password left unchanged\n");
}
gensalt(salt + strlen(salt));
p = crypt(inpass, salt);
if (!p)